Merged
Conversation
renovate
bot
added
dependencies
Contributor
|
Upstream chart diff: diff --git charts/grafana/.helmignore charts/grafana/.helmignore
index 8cade131..06243306 100644
--- charts/grafana/.helmignore
+++ charts/grafana/.helmignore
@@ -14,10 +14,14 @@
*.swp
*.bak
*.tmp
+*.orig
*~
# Various IDEs
-.vscode
.project
.idea/
*.tmproj
-OWNERS
+.vscode/
+# Helm plugin tooling
+ci/
+tests/
+*.gotmpl
diff --git charts/grafana/Chart.yaml charts/grafana/Chart.yaml
index deaa4bc3..910df112 100644
--- charts/grafana/Chart.yaml
+++ charts/grafana/Chart.yaml
@@ -1,37 +1,29 @@
apiVersion: v2
name: grafana
-version: 10.5.15
-appVersion: 12.3.1
-kubeVersion: "^1.8.0-0"
-deprecated: true
+version: 11.2.2
+# renovate: docker=docker.io/grafana/grafana
+appVersion: 12.4.0
+kubeVersion: "^1.25.0-0"
description: The leading tool for querying and visualizing time series and metrics.
home: https://grafana.com
icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116
sources:
- https://github.com/grafana/grafana
- - https://github.com/grafana/helm-charts
+ - https://github.com/grafana-community/helm-charts
annotations:
"artifacthub.io/license": Apache-2.0
"artifacthub.io/links": |
- name: Chart Source
- url: https://github.com/grafana/helm-charts
+ url: https://github.com/grafana-community/helm-charts
- name: Upstream Project
url: https://github.com/grafana/grafana
maintainers:
- - name: zanhsieh
- email: zanhsieh@gmail.com
- - name: rtluckie
- email: rluckie@cisco.com
- - name: maorfr
- email: maor.friedman@redhat.com
- - name: Xtigyro
- email: miroslav.hadzhiev@gmail.com
- - name: torstenwalter
- email: mail@torstenwalter.de
- - name: jkroepke
+ - name: Jan-Otto Kröpke
email: github@jkroepke.de
- - name: QuentinBisson
+ url: https://github.com/jkroepke
+ - name: Quentin Bisson
email: quentin.bisson@gmail.com
+ url: https://github.com/QuentinBisson
type: application
keywords:
- monitoring
diff --git charts/grafana/README.md charts/grafana/README.md
index a11c48d9..8975b1c9 100644
--- charts/grafana/README.md
+++ charts/grafana/README.md
@@ -1,41 +1,48 @@
# Grafana Helm Chart
-* Installs the web dashboarding system [Grafana](http://grafana.org/)
+The leading tool for querying and visualizing time series and metrics.
-## 📦 Chart Migration
+## Source Code
-**This chart is being migrated to [grafana-community/helm-charts](https://github.com/grafana-community/helm-charts).**
+* <https://github.com/grafana/grafana>
-After January 30th, 2026, updates and support for this chart will be provided in the new repository. Please update your Helm repository configuration to ensure you continue receiving updates.
+## Requirements
-## Get Repo Info
+Kubernetes: `^1.25.0-0`
-``console
-helm repo add grafana https://grafana.github.io/helm-charts
-helm repo update
-``
+## Installing the Chart
-_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+### OCI Registry
-## Installing the Chart
+OCI registries are preferred in Helm as they implement unified storage, distribution, and improved security.
+
+``console
+helm install RELEASE-NAME oci://ghcr.io/grafana-community/helm-charts/grafana
+``
-To install the chart with the release name `my-release`:
+### HTTP Registry
``console
-helm install my-release grafana/grafana
+helm repo add grafana-community https://grafana-community.github.io/helm-charts
+helm repo update
+helm install RELEASE-NAME grafana-community/grafana
``
## Uninstalling the Chart
-To uninstall/delete the my-release deployment:
+To remove all of the Kubernetes objects associated with the Helm chart release:
``console
-helm delete my-release
+helm delete RELEASE-NAME
``
-The command removes all the Kubernetes components associated with the chart and deletes the release.
+## Changelog
+
+See the [changelog](https://grafana-community.github.io/helm-charts/changelog/?chart=grafana).
+
+---
-## Upgrading an existing Release to a new major version
+## Upgrading
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
incompatible breaking change needing manual actions.
@@ -63,286 +70,17 @@ need to instead set `global.imageRegistry`.
Static alerting resources now support Helm templating. This means that alerting resources loaded from external files (`alerting.*.files`) are now processed by the Helm template engine.
-If you already use template expressions intended for Alertmanager (for example, `{{ $labels.instance }}`), these must now be escaped to avoid unintended Helm evaluation. To escape them, wrap the braces with an extra layer like this:
+If you already use template expressions intended for Alertmanager (for example, `{{ $labels.instance }}`), these must now be escaped to avoid unintended Helm or Go template evaluation. To escape them, wrap the braces with an extra layer like this:
`{{ "{{" }} $labels.instance {{ "}}" }}`
This ensures the expressions are preserved for Alertmanager instead of being rendered by Helm.
-## Configuration
+### To 11.0.0
+
+The minimum required Kubernetes version is now 1.25. All references to deprecated APIs have been removed.
-| Parameter | Description | Default |
-|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------|
-| `replicas` | Number of nodes | `1` |
-| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` |
-| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` |
-| `podDisruptionBudget.apiVersion` | Pod disruption apiVersion | `nil` |
-| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` |
-| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` |
-| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`|
-| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` |
-| `priorityClassName` | Name of Priority Class to assign pods | `nil` |
-| `image.registry` | Image registry | `docker.io` |
-| `image.repository` | Image repository | `grafana/grafana` |
-| `image.tag` | Overrides the Grafana image tag whose default is the chart appVersion (`Must be >= 5.0.0`) | `` |
-| `image.sha` | Image sha (optional) | `` |
-| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
-| `image.pullSecrets` | Image pull secrets (can be templated) | `[]` |
-| `service.enabled` | Enable grafana service | `true` |
-| `service.ipFamilies` | Kubernetes service IP families | `[]` |
-| `service.ipFamilyPolicy` | Kubernetes service IP family policy | `""` |
-| `service.sessionAffinity` | Kubernetes service session affinity config | `""` |
-| `service.type` | Kubernetes service type | `ClusterIP` |
-| `service.port` | Kubernetes port where service is exposed | `80` |
-| `service.portName` | Name of the port on the service | `service` |
-| `service.appProtocol` | Adds the appProtocol field to the service | `` |
-| `service.targetPort` | Internal service is port | `3000` |
-| `service.nodePort` | Kubernetes service nodePort | `nil` |
-| `service.annotations` | Service annotations (can be templated) | `{}` |
-| `service.labels` | Custom labels | `{}` |
-| `service.clusterIP` | internal cluster service IP | `nil` |
-| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` |
-| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` |
-| `service.externalIPs` | service external IP addresses | `[]` |
-| `service.externalTrafficPolicy` | change the default externalTrafficPolicy | `nil` |
-| `headlessService` | Create a headless service | `false` |
-| `extraExposePorts` | Additional service ports for sidecar containers| `[]` |
-| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` |
-| `ingress.enabled` | Enables Ingress | `false` |
-| `ingress.annotations` | Ingress annotations (values are templated) | `{}` |
-| `ingress.labels` | Custom labels | `{}` |
-| `ingress.path` | Ingress accepted path | `/` |
-| `ingress.pathType` | Ingress type of path | `Prefix` |
-| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` |
-| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.6/guide/ingress/annotations/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` |
-| `ingress.tls` | Ingress TLS configuration | `[]` |
-| `ingress.ingressClassName` | Ingress Class Name. MAY be required for Kubernetes versions >= 1.18 | `""` |
-| `resources` | CPU/Memory resource requests/limits | `{}` |
-| `nodeSelector` | Node labels for pod assignment | `{}` |
-| `tolerations` | Toleration labels for pod assignment | `[]` |
-| `affinity` | Affinity settings for pod assignment | `{}` |
-| `extraInitContainers` | Init containers to add to the grafana pod | `{}` |
-| `extraContainers` | Sidecar containers to add to the grafana pod | `""` |
-| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` |
-| `extraLabels` | Custom labels for all manifests | `{}` |
-| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
-| `persistence.enabled` | Use persistent volume to store data | `false` |
-| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` |
-| `persistence.size` | Size of persistent volume claim | `10Gi` |
-| `persistence.existingClaim` | Use an existing PVC to persist data (can be templated) | `nil` |
-| `persistence.volumeName` | If using a PVC, then use a specific PV name | `nil` |
-| `persistence.storageClassName` | Type of persistent volume claim | `nil` |
-| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` |
-| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` |
-| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` |
-| `persistence.extraPvcLabels` | Extra labels to apply to a PVC. | `{}` |
-| `persistence.subPath` | Mount a sub dir of the persistent volume (can be templated) | `nil` |
-| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` |
-| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` |
-| `persistence.disableWarning` | Hide NOTES warning, useful when persisting to a database | `false` |
-| `initChownData.enabled` | If false, don't reset data ownership at startup | true |
-| `initChownData.image.registry` | init-chown-data container image registry | `docker.io` |
-| `initChownData.image.repository` | init-chown-data container image repository | `busybox` |
-| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` |
-| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` |
-| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` |
-| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` |
-| `initChownData.securityContext` | init-chown-data pod securityContext | `{"readOnlyRootFilesystem": false, "runAsNonRoot": false}`, "runAsUser": 0, "seccompProfile": {"type": "RuntimeDefault"}, "capabilities": {"add": ["CHOWN"], "drop": ["ALL"]}}` |
-| `schedulerName` | Alternate scheduler name | `nil` |
-| `env` | Extra environment variables passed to pods | `{}` |
-| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` |
-| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` |
-| `envFromSecrets` | List of Kubernetes secrets (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` |
-| `envFromConfigMaps` | List of Kubernetes ConfigMaps (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` |
-| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret. (passed through [tpl](https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function)) | `{}` |
-| `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` |
-| `extraSecretMounts` | Additional grafana server secret mounts | `[]` |
-| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` |
-| `extraVolumes` | Additional Grafana server volumes | `[]` |
-| `automountServiceAccountToken` | Mounted the service account token on the grafana pod. Mandatory, if sidecars are enabled | `true` |
-| `createConfigmap` | Enable creating the grafana configmap | `true` |
-| `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` |
-| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` |
-| `plugins` | Plugins to be loaded along with Grafana | `[]` |
-| `datasources` | Configure grafana datasources (passed through tpl) | `{}` |
-| `alerting` | Configure grafana alerting (passed through tpl) | `{}` |
-| `notifiers` | Configure grafana notifiers | `{}` |
-| `dashboardProviders` | Configure grafana dashboard providers | `{}` |
-| `defaultCurlOptions` | Configure default curl short options for all dashboards, the beginning dash is required | `-skf` |
-| `dashboards` | Dashboards to import | `{}` |
-| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` |
-| `grafana.ini` | Grafana's primary configuration | `{}` |
-| `global.imageRegistry` | Global image pull registry for all images. | `null` |
-| `global.imagePullSecrets` | Global image pull secrets (can be templated). Allows either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). | `[]` |
-| `ldap.enabled` | Enable LDAP authentication | `false` |
-| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` |
-| `ldap.config` | Grafana's LDAP configuration | `""` |
-| `annotations` | Deployment annotations | `{}` |
-| `labels` | Deployment labels | `{}` |
-| `podAnnotations` | Pod annotations | `{}` |
-| `podLabels` | Pod labels | `{}` |
-| `podPortName` | Name of the grafana port on the pod | `grafana` |
-| `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` |
-| `sidecar.image.registry` | Sidecar image registry | `quay.io` |
-| `sidecar.image.repository` | Sidecar image repository | `kiwigrid/k8s-sidecar` |
-| `sidecar.image.tag` | Sidecar image tag | `2.5.0` |
-| `sidecar.image.sha` | Sidecar image sha (optional) | `""` |
-| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` |
-| `sidecar.resources` | Sidecar resources | `{}` |
-| `sidecar.securityContext` | Sidecar securityContext | `{}` |
-| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable. If set to `true` the sidecar will create unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. | `false` |
-| `sidecar.alerts.enabled` | Enables the cluster wide search for alerts and adds/updates/deletes them in grafana |`false` |
-| `sidecar.alerts.env` | Extra environment variables passed to pods | `{}` |
-| `sidecar.alerts.envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` |
-| `sidecar.alerts.label` | Label that config maps with alerts should have to be added (can be templated) | `grafana_alert` |
-| `sidecar.alerts.labelValue` | Label value that config maps with alerts should have to be added (can be templated) | `""` |
-| `sidecar.alerts.searchNamespace` | Namespaces list. If specified, the sidecar will search for alerts config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
-| `sidecar.alerts.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
-| `sidecar.alerts.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
-| `sidecar.alerts.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/alerting/reload"` |
-| `sidecar.alerts.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` |
-| `sidecar.alerts.initAlerts` | Set to true to deploy the alerts sidecar as an initContainer. This is needed if skipReload is true, to load any alerts defined at startup time. | `false` |
-| `sidecar.alerts.restartPolicy` | Set to `Always` to enable native sidecars. `sidecar.alerts.initAlerts` must be `true` | `""`|
-| `sidecar.alerts.startupProbe` | Startup probe for the native sidecar | `{}` |
-| `sidecar.alerts.extraMounts` | Additional alerts sidecar volume mounts. | `[]` |
-| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` |
-| `sidecar.dashboards.env` | Extra environment variables passed to pods | `{}` |
-| `sidecar.dashboards.envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` |
-| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` |
-| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` |
-| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` |
-| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` |
-| `sidecar.dashboards.provider.folderUid` | Allows you to specify the static UID for the logical folder above | `""` |
-| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` |
-| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` |
-| `sidecar.dashboards.provider.type` | Provider type | `file` |
-| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` |
-| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
-| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` |
-| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added (can be templated) | `grafana_dashboard` |
-| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added (can be templated) | `""` |
-| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` |
-| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` |
-| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` |
-| `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
-| `sidecar.dashboards.script` | Absolute path to shell script to execute after a configmap got reloaded. | `nil` |
-| `sidecar.dashboards.reloadURL` | Full url of dashboards configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/dashboards/reload"` |
-| `sidecar.dashboards.skipReload` | Enabling this omits defining the REQ_USERNAME, REQ_PASSWORD, REQ_URL and REQ_METHOD environment variables | `false` |
-| `sidecar.dashboards.initDashboards` | Set to true to deploy the dashboards sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any dashboards defined at startup time. | `false` |
-| `sidecar.dashboards.restartPolicy` | Set to `Always` to enable native sidecars. `sidecar.dashboards.initAlerts` must be `true` | `""`|
-| `sidecar.dashboards.startupProbe` | Startup probe for the native sidecar | `{}` |
-| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
-| `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. | `[]` |
-| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` |
-| `sidecar.datasources.label` | Label that config maps with datasources should have to be added (can be templated) | `grafana_datasource` |
-| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added (can be templated) | `""` |
-| `sidecar.datasources.searchNamespace` | Namespaces list. If specified, the sidecar will search for datasources config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
-| `sidecar.datasources.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
-| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
-| `sidecar.datasources.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/datasources/reload"` |
-| `sidecar.datasources.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` |
-| `sidecar.datasources.initDatasources` | Set to true to deploy the datasource sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any datasources defined at startup time. | `false` |
-| `sidecar.datasources.restartPolicy` | Set to `Always` to enable native sidecars. `sidecar.datasources.initAlerts` must be `true` | `""`|
-| `sidecar.datasources.startupProbe` | Startup probe for the native sidecar | `{}` |
-| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` |
-| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added (can be templated) | `grafana_notifier` |
-| `sidecar.notifiers.labelValue` | Label value that config maps with notifiers should have to be added (can be templated) | `""` |
-| `sidecar.notifiers.searchNamespace` | Namespaces list. If specified, the sidecar will search for notifiers config-maps (or secrets) inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
-| `sidecar.notifiers.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
-| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
-| `sidecar.notifiers.reloadURL` | Full url of notifier configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/notifications/reload"` |
-| `sidecar.notifiers.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` |
-| `sidecar.notifiers.initNotifiers` | Set to true to deploy the notifier sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any notifiers defined at startup time. | `false` |
-| `sidecar.notifiers.restartPolicy` | Set to `Always` to enable native sidecars. `sidecar.notifiers.initAlerts` must be `true` | `""`|
-| `sidecar.notifiers.startupProbe` | Startup probe for the native sidecar | `{}` |
-| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` |
-| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` |
-| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` |
-| `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` |
-| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` |
-| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` |
-| `serviceAccount.automountServiceAccountToken` | Automount the service account token on all pods where is service account is used | `false` |
-| `serviceAccount.annotations` | ServiceAccount annotations | |
-| `serviceAccount.create` | Create service account | `true` |
-| `serviceAccount.labels` | ServiceAccount labels | `{}` |
-| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` |
-| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` |
-| `rbac.create` | Create and use RBAC resources | `true` |
-| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` |
-| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` |
-| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `false` |
-| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `false` |
-| `rbac.extraRoleRules` | Additional rules to add to the Role | [] |
-| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] |
-| `command` | Define command to be executed by grafana container at startup | `nil` |
-| `args` | Define additional args if command is used | `nil` |
-| `testFramework.enabled` | Whether to create test-related resources | `true` |
-| `testFramework.image.registry` | `test-framework` image registry. | `docker.io` |
-| `testFramework.image.repository` | `test-framework` image repository. | `bats/bats` |
-| `testFramework.image.tag` | `test-framework` image tag. | `v1.4.1` |
-| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` |
-| `testFramework.securityContext` | `test-framework` securityContext | `{}` |
-| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` |
-| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` |
-| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` |
-| `downloadDashboardsImage.registry` | Curl docker image registry | `docker.io` |
-| `downloadDashboardsImage.repository` | Curl docker image repository | `curlimages/curl` |
-| `downloadDashboardsImage.tag` | Curl docker image tag | `8.9.1` |
-| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` |
-| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` |
-| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) |
-| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` |
-| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | |
-| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` |
-| `serviceMonitor.path` | Path to scrape | `/metrics` |
-| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` |
-| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` |
-| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
-| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` |
-| `serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
-| `serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` |
-| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` |
-| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` |
-| `imageRenderer.image.registry` | image-renderer Image registry | `docker.io` |
-| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` |
-| `imageRenderer.image.tag` | image-renderer Image tag | `latest` |
-| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` |
-| `imageRenderer.image.pullSecrets` | image-renderer Image pull secrets (optional) | `[]` |
-| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` |
-| `imageRenderer.env` | extra env-vars for image-renderer | `{}` |
-| `imageRenderer.envValueFrom` | Environment variables for image-renderer from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` |
-| `imageRenderer.extraConfigmapMounts` | Additional image-renderer configMap volume mounts (values are templated) | `[]` |
-| `imageRenderer.extraSecretMounts` | Additional image-renderer secret volume mounts | `[]` |
-| `imageRenderer.extraVolumeMounts` | Additional image-renderer volume mounts | `[]` |
-| `imageRenderer.extraVolumes` | Additional image-renderer volumes | `[]` |
-| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` |
-| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` |
-| `imageRenderer.podAnnotations` | image-renderer image-renderer pod annotation | `{}` |
-| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` |
-| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` |
-| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` |
-| `imageRenderer.service.portName` | image-renderer service port name | `http` |
-| `imageRenderer.service.port` | image-renderer port used by deployment | `8081` |
-| `imageRenderer.service.targetPort` | image-renderer service port used by service | `8081` |
-| `imageRenderer.appProtocol` | Adds the appProtocol field to the service | `` |
-| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` |
-| `imageRenderer.serverURL` | Remote image renderer url | `''` |
-| `imageRenderer.renderingCallbackURL` | Callback url for the Grafana image renderer | `''` |
-| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` |
-| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` |
-| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` |
-| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` |
-| `imageRenderer.resources` | Set resource limits for image-renderer pods | `{}` |
-| `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` |
-| `imageRenderer.tolerations` | Toleration labels for pod assignment | `[]` |
-| `imageRenderer.affinity` | Affinity settings for pod assignment | `{}` |
-| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. | `false` |
-| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
-| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` |
-| `networkPolicy.ingress` | Enable the creation of an ingress network policy | `true` |
-| `networkPolicy.egress.enabled` | Enable the creation of an egress network policy | `false` |
-| `networkPolicy.egress.ports` | An array of ports to allow for the egress | `[]` |
-| `enableKubeBackwardCompatibility` | Enable backward compatibility of kubernetes where pod's defintion version below 1.13 doesn't have the enableServiceLinks option | `false` |
+## Configuration
### Example ingress with path
@@ -441,15 +179,15 @@ dashboards:
## BASE64 dashboards
-Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit)
-A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk.
+Dashboards could be stored on a server that does not return JSON directly and instead of it returns a base64 encoded file (e.g. Gerrit)
+A new parameter has been added to the URL use case so if you specify a b64content value equals to true after the URL entry a base64 decoding is applied before save the file to disk.
If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk.
### Gerrit use case
Gerrit API for download files has the following schema: <https://yourgerritserver/a/{project-name}/branches/{branch-id}/files/{file-id}/content> where {project-name} and
-{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard
-the url value is <https://yourgerritserver/a/user%2Frepo/branches/master/files/dir1%2Fdir2%2Fdashboard/content>
+{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repository, branch-id is master and file-id is equals to dir1/dir2/dashboard
+the URL value is <https://yourgerritserver/a/user%2Frepo/branches/master/files/dir1%2Fdir2%2Fdashboard/content>
## Sidecar for dashboards
@@ -481,7 +219,7 @@ data:
If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in
-those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
+those secrets are written to a folder and accessed by grafana on startup. Using these YAML files,
the data sources in grafana can be imported.
Should you aim for reloading datasources in Grafana each time the config is changed, set `sidecar.datasources.skipReload: false` and adjust `sidecar.datasources.reloadURL` to `http://<svc-name>.<namespace>.svc.cluster.local/api/admin/provisioning/datasources/reload`.
@@ -573,7 +311,7 @@ datasources:
If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in
-those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
+those secrets are written to a folder and accessed by grafana on startup. Using these YAML files,
the notification channels in grafana can be imported. The secrets must be created before
`helm install` so that the notifiers init container can list the secrets.
@@ -810,14 +548,14 @@ file.
As next step you have to setup the `grafana.ini` in your `values.yaml` in a way
that it will make use of the headless service to obtain all the IPs of the
-cluster. You should replace ``{{ Name }}`` with the name of your helm deployment.
+cluster. For example, use ``{{ .Release.Name }}`` to refer to the Helm release name in your values.
``yaml
grafana.ini:
...
unified_alerting:
enabled: true
- ha_peers: {{ Name }}-headless:9094
+ ha_peers: {{ .Release.Name }}-headless:9094
ha_listen_address: ${POD_IP}:9094
ha_advertise_address: ${POD_IP}:9094
rule_version_record_limit: "5"
diff --git charts/grafana/templates/_helpers.tpl charts/grafana/templates/_helpers.tpl
index fe50673c..5f0d7c0a 100644
--- charts/grafana/templates/_helpers.tpl
+++ charts/grafana/templates/_helpers.tpl
@@ -115,30 +115,6 @@ new password and use it.
{{- end }}
{{- end }}
-{{/*
-Return the appropriate apiVersion for rbac.
-*/}}
-{{- define "grafana.rbac.apiVersion" -}}
-{{- if $.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }}
-{{- print "rbac.authorization.k8s.io/v1" }}
-{{- else }}
-{{- print "rbac.authorization.k8s.io/v1beta1" }}
-{{- end }}
-{{- end }}
-
-{{/*
-Return the appropriate apiVersion for ingress.
-*/}}
-{{- define "grafana.ingress.apiVersion" -}}
-{{- if and ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) }}
-{{- print "networking.k8s.io/v1" }}
-{{- else if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
-{{- print "networking.k8s.io/v1beta1" }}
-{{- else }}
-{{- print "extensions/v1beta1" }}
-{{- end }}
-{{- end }}
-
{{/*
Return the appropriate apiVersion for Horizontal Pod Autoscaler.
*/}}
@@ -150,39 +126,6 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler.
{{- end }}
{{- end }}
-{{/*
-Return the appropriate apiVersion for podDisruptionBudget.
-*/}}
-{{- define "grafana.podDisruptionBudget.apiVersion" -}}
-{{- if $.Values.podDisruptionBudget.apiVersion }}
-{{- print $.Values.podDisruptionBudget.apiVersion }}
-{{- else if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
-{{- print "policy/v1" }}
-{{- else }}
-{{- print "policy/v1beta1" }}
-{{- end }}
-{{- end }}
-
-{{/*
-Return if ingress is stable.
-*/}}
-{{- define "grafana.ingress.isStable" -}}
-{{- eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1" }}
-{{- end }}
-
-{{/*
-Return if ingress supports ingressClassName.
-*/}}
-{{- define "grafana.ingress.supportsIngressClassName" -}}
-{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }}
-{{- end }}
-
-{{/*
-Return if ingress supports pathType.
-*/}}
-{{- define "grafana.ingress.supportsPathType" -}}
-{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }}
-{{- end }}
{{/*
Formats imagePullSecrets. Input is (dict "root" . "imagePullSecrets" .{specific imagePullSecrets})
diff --git charts/grafana/templates/_pod.tpl charts/grafana/templates/_pod.tpl
index 29e4c9a3..b73250f3 100644
--- charts/grafana/templates/_pod.tpl
+++ charts/grafana/templates/_pod.tpl
@@ -1419,7 +1419,7 @@ containers:
key: {{ .Values.admin.passwordKey | default "admin-password" }}
{{- end }}
{{- if .Values.plugins }}
- - name: GF_INSTALL_PLUGINS
+ - name: GF_PLUGINS_PREINSTALL_SYNC
valueFrom:
configMapKeyRef:
name: {{ include "grafana.fullname" . }}
diff --git charts/grafana/templates/image-renderer-deployment.yaml charts/grafana/templates/image-renderer-deployment.yaml
index 9f035d62..20ddff4b 100644
--- charts/grafana/templates/image-renderer-deployment.yaml
+++ charts/grafana/templates/image-renderer-deployment.yaml
@@ -86,7 +86,7 @@ spec:
protocol: TCP
livenessProbe:
httpGet:
- path: /
+ path: {{ .Values.imageRenderer.healthcheckPath }}
port: {{ .Values.imageRenderer.service.portName }}
env:
- name: HTTP_PORT
diff --git charts/grafana/templates/ingress.yaml charts/grafana/templates/ingress.yaml
index b2ffd810..04cc6550 100644
--- charts/grafana/templates/ingress.yaml
+++ charts/grafana/templates/ingress.yaml
@@ -1,13 +1,10 @@
{{- if .Values.ingress.enabled -}}
-{{- $ingressApiIsStable := eq (include "grafana.ingress.isStable" .) "true" -}}
-{{- $ingressSupportsIngressClassName := eq (include "grafana.ingress.supportsIngressClassName" .) "true" -}}
-{{- $ingressSupportsPathType := eq (include "grafana.ingress.supportsPathType" .) "true" -}}
{{- $fullName := include "grafana.fullname" . -}}
{{- $servicePort := .Values.service.port -}}
{{- $ingressPath := .Values.ingress.path -}}
{{- $ingressPathType := .Values.ingress.pathType -}}
{{- $extraPaths := .Values.ingress.extraPaths -}}
-apiVersion: {{ include "grafana.ingress.apiVersion" . }}
+apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}
@@ -24,9 +21,9 @@ metadata:
{{- end }}
{{- end }}
spec:
- {{- if and $ingressSupportsIngressClassName .Values.ingress.ingressClassName }}
+ {{- if .Values.ingress.ingressClassName }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
- {{- end -}}
+ {{- end }}
{{- with .Values.ingress.tls }}
tls:
{{- tpl (toYaml .) $ | nindent 4 }}
@@ -41,38 +38,24 @@ spec:
{{- toYaml . | nindent 10 }}
{{- end }}
- path: {{ $ingressPath }}
- {{- if $ingressSupportsPathType }}
pathType: {{ $ingressPathType }}
- {{- end }}
backend:
- {{- if $ingressApiIsStable }}
service:
name: {{ $fullName }}
port:
number: {{ $servicePort }}
- {{- else }}
- serviceName: {{ $fullName }}
- servicePort: {{ $servicePort }}
- {{- end }}
{{- end }}
{{- else }}
- http:
paths:
- backend:
- {{- if $ingressApiIsStable }}
service:
name: {{ $fullName }}
port:
number: {{ $servicePort }}
- {{- else }}
- serviceName: {{ $fullName }}
- servicePort: {{ $servicePort }}
- {{- end }}
{{- with $ingressPath }}
path: {{ . }}
{{- end }}
- {{- if $ingressSupportsPathType }}
pathType: {{ $ingressPathType }}
- {{- end }}
{{- end -}}
{{- end }}
diff --git charts/grafana/templates/networkpolicy.yaml charts/grafana/templates/networkpolicy.yaml
index 4cd3ed69..07a9d7de 100644
--- charts/grafana/templates/networkpolicy.yaml
+++ charts/grafana/templates/networkpolicy.yaml
@@ -52,6 +52,10 @@ spec:
- namespaceSelector:
{{- toYaml . | nindent 12 }}
{{- end }}
+ {{- range .Values.networkPolicy.explicitIpBlocks }}
+ - ipBlock:
+ cidr: {{ . | quote }}
+ {{- end }}
- podSelector:
matchLabels:
{{- include "grafana.labels" . | nindent 14 }}
diff --git charts/grafana/templates/poddisruptionbudget.yaml charts/grafana/templates/poddisruptionbudget.yaml
index c2264acf..98f396ac 100644
--- charts/grafana/templates/poddisruptionbudget.yaml
+++ charts/grafana/templates/poddisruptionbudget.yaml
@@ -1,5 +1,5 @@
{{- if .Values.podDisruptionBudget }}
-apiVersion: {{ include "grafana.podDisruptionBudget.apiVersion" . }}
+apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "grafana.fullname" . }}
diff --git charts/grafana/templates/route.yaml charts/grafana/templates/route.yaml
index 58483ee4..8b309312 100644
--- charts/grafana/templates/route.yaml
+++ charts/grafana/templates/route.yaml
@@ -11,7 +11,6 @@ metadata:
name: {{ template "grafana.fullname" $ }}{{ if ne $name "main" }}-{{ $name }}{{ end }}
namespace: {{ template "grafana.namespace" $ }}
labels:
- app: {{ template "grafana.name" $ }}-prometheus
{{- include "grafana.labels" $ | nindent 4 }}
{{- with $route.labels }}
{{- toYaml . | nindent 4 }}
diff --git charts/grafana/templates/service.yaml charts/grafana/templates/service.yaml
index a178e7ee..bad3549d 100644
--- charts/grafana/templates/service.yaml
+++ charts/grafana/templates/service.yaml
@@ -51,6 +51,9 @@ spec:
{{- with .Values.service.sessionAffinity }}
sessionAffinity: {{ . }}
{{- end }}
+ {{- with .Values.service.trafficDistribution }}
+ trafficDistribution: {{ . }}
+ {{- end }}
ports:
- name: {{ .Values.service.portName }}
port: {{ .Values.service.port }}
diff --git charts/grafana/templates/vpa.yaml charts/grafana/templates/vpa.yaml
new file mode 100644
index 00000000..01c8b9aa
--- /dev/null
+++ charts/grafana/templates/vpa.yaml
@@ -0,0 +1,56 @@
+{{- if and .Values.verticalPodAutoscaler.enabled (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1/VerticalPodAutoscaler") }}
+
+{{- $vpa := .Values.verticalPodAutoscaler }}
+{{- $resources := $vpa.controlledResources | default dict }}
+{{- $target := $vpa.target | default dict }}
+{{- $container := $vpa.container | default dict }}
+
+{{- /* Match deployment.yaml condition */ -}}
+{{- $isDeployment := and (not .Values.useStatefulSet) (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) -}}
+
+{{- /* Derived defaults */ -}}
+{{- $defaultApiVersion := "apps/v1" -}}
+{{- $defaultKind := ternary "Deployment" "StatefulSet" $isDeployment -}}
+{{- $defaultName := include "grafana.fullname" . -}}
+
+{{- /* Optional override (ONLY if you document it in values.yaml/schema) */ -}}
+{{- $t := $vpa.targetRef | default dict -}}
+{{- $apiVersion := default $defaultApiVersion $t.apiVersion -}}
+{{- $kind := default $defaultKind $t.kind -}}
+{{- $name := default $defaultName $t.name -}}
+
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+ name: {{ include "grafana.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+spec:
+ targetRef:
+ apiVersion: {{ $apiVersion | quote }}
+ kind: {{ $kind | quote }}
+ name: {{ $name | quote }}
+ updatePolicy:
+ updateMode: {{ default "Off" $vpa.updateMode | quote }}
+ resourcePolicy:
+ containerPolicies:
+ - containerName: "grafana"
+{{- if or (get $resources "cpu") (get $resources "memory") }}
+ controlledResources:
+{{- if (get $resources "cpu") }}
+ - "cpu"
+{{- end }}
+{{- if (get $resources "memory") }}
+ - "memory"
+{{- end }}
+{{- end }}
+{{- with $vpa.minAllowed }}
+ minAllowed:
+{{ toYaml . | nindent 10 }}
+{{- end }}
+{{- with $vpa.maxAllowed }}
+ maxAllowed:
+{{ toYaml . | nindent 10 }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git charts/grafana/values.yaml charts/grafana/values.yaml
index fb96ac87..492be3da 100644
--- charts/grafana/values.yaml
+++ charts/grafana/values.yaml
@@ -34,8 +34,8 @@ rbac:
# verbs: []
serviceAccount:
create: true
- name:
- nameTest:
+ name: ""
+ nameTest: ""
## ServiceAccount labels.
labels: {}
## Service account annotations. Can be templated.
@@ -123,7 +123,7 @@ testFramework:
# -- The Docker registry
registry: docker.io
repository: bats/bats
- tag: "v1.4.1"
+ tag: "1.13.0"
imagePullPolicy: IfNotPresent
securityContext: {}
containerSecurityContext: {}
@@ -190,7 +190,7 @@ downloadDashboardsImage:
# -- The Docker registry
registry: docker.io
repository: curlimages/curl
- tag: 8.9.1
+ tag: 8.18.0
sha: ""
pullPolicy: IfNotPresent
@@ -250,6 +250,9 @@ service:
# Adds the appProtocol field to the service. This allows to work with istio protocol selection. Ex: "http" or "tcp"
appProtocol: ""
sessionAffinity: ""
+ # trafficDistribution allows specifying how traffic is distributed to Service endpoints.
+ # Valid values: "" (default - standard load balancing),"PreferSameZone" (K8s 1.34+), "PreferSameNode" (K8s 1.35+), "PreferClose" (deprecated, use PreferSameZone),
+ trafficDistribution: ""
serviceMonitor:
## If true, a ServiceMonitor CR is created for a prometheus operator
@@ -281,8 +284,6 @@ hostAliases: []
ingress:
enabled: false
- # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
- # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
# Values can be templated
annotations: {}
@@ -290,8 +291,6 @@ ingress:
# kubernetes.io/tls-acme: "true"
labels: {}
path: /
-
- # pathType is only for k8s >= 1.1=
pathType: Prefix
hosts:
@@ -299,11 +298,6 @@ ingress:
## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
extraPaths: []
# - path: /*
- # backend:
- # serviceName: ssl-redirect
- # servicePort: use-annotation
- ## Or for k8s > 1.19
- # - path: /*
# pathType: Prefix
# backend:
# service:
@@ -469,7 +463,7 @@ initChownData:
# -- The Docker registry
registry: docker.io
repository: library/busybox
- tag: "1.31.1"
+ tag: "1.37.0"
sha: ""
pullPolicy: IfNotPresent
@@ -663,8 +657,8 @@ plugins: []
# - digrich-bubblechart-panel
# - grafana-clock-panel
## You can also use other plugin download URL, as long as they are valid zip files,
- ## and specify the name of the plugin after the semicolon. Like this:
- # - https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.2/download;marcusolsson-json-datasource
+ ## and specify the name of the plugin as prefix, with an version. Like this:
+ # - marcusolsson-json-datasource@1.3.24@https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.24/download
## Configure grafana datasources
## ref: http://docs.grafana.org/administration/provisioning/#datasources
@@ -1520,6 +1514,8 @@ imageRenderer:
hostAliases: []
# image-renderer deployment priority class
priorityClassName: ''
+ # Path to the healthcheck endpoint. On Image Renderer v5.0.0 or newer, this is '/healthz'. Older versions use '/'.
+ healthcheckPath: '/healthz'
service:
# Enable the image-renderer service
enabled: true
@@ -1602,69 +1598,73 @@ imageRenderer:
extraVolumes: []
networkPolicy:
- ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
- ##
+ # -- networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
enabled: false
- ## @param networkPolicy.allowExternal Don't require client label for connections
- ## The Policy model to apply. When set to false, only pods with the correct
- ## client label will have network access to grafana port defined.
- ## When true, grafana will accept connections from any source
- ## (with the correct destination port).
- ##
+ # --networkPolicy.allowExternal Don't require client label for connections
+ # The Policy model to apply. When set to false, only pods with the correct
+ # client label will have network access to grafana port defined.
+ # When true, grafana will accept connections from any source
+ # (with the correct destination port).
+ #
ingress: true
- ## @param networkPolicy.ingress When true enables the creation
- ## an ingress network policy
- ##
+ # -- networkPolicy.ingress When true enables the creation
+ # an ingress network policy
allowExternal: true
- ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed
- ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
- ## and that match other criteria, the ones that have the good label, can reach the grafana.
- ## But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this
- ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
- ##
- ## Example:
- ## explicitNamespacesSelector:
- ## matchLabels:
- ## role: frontend
- ## matchExpressions:
- ## - {key: role, operator: In, values: [frontend]}
- ##
+ # -- networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed
+ # If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
+ # and that match other criteria, the ones that have the good label, can reach the grafana.
+ # But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this
+ # LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
+ # </br>
+ #
+ # Example:
+ #
+ # ``
+ # explicitNamespacesSelector:
+ # matchLabels:
+ # role: frontend
+ # matchExpressions:
+ # - {key: role, operator: In, values: [frontend]}
+ # ``
explicitNamespacesSelector: {}
- ##
- ##
- ##
- ##
- ##
- ##
+ # -- networkPolicy.explicitIpBlocks List of CIDR blocks allowed as ingress sources.
+ # Each entry must be a valid CIDR notation string (e.g. 10.0.0.0/8).
+ # When defined, the specified CIDR ranges are added to the ingress `from` rules
+ # using `ipBlock` entries and complement the other configured ingress sources.
+ # </br>
+ #
+ # Example:
+ #
+ # ``
+ # explicitIpBlocks:
+ # - 35.191.0.0/16
+ # - 130.211.0.0/22
+ # ``
+ #
+ explicitIpBlocks: []
+
egress:
- ## @param networkPolicy.egress.enabled When enabled, an egress network policy will be
- ## created allowing grafana to connect to external data sources from kubernetes cluster.
+ # -- networkPolicy.egress.enabled When enabled, an egress network policy will be
+ # created allowing grafana to connect to external data sources from kubernetes cluster.
enabled: false
- ##
- ## @param networkPolicy.egress.blockDNSResolution When enabled, DNS resolution will be blocked
- ## for all pods in the grafana namespace.
+ # -- networkPolicy.egress.blockDNSResolution When enabled, DNS resolution will be blocked
+ # for all pods in the grafana namespace.
blockDNSResolution: false
- ##
- ## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress
+ # -- networkPolicy.egress.ports Add individual ports to be allowed by the egress
ports: []
- ## Add ports to the egress by specifying - port: <port number>
- ## E.X.
- ## - port: 80
- ## - port: 443
- ##
- ## @param networkPolicy.egress.to Allow egress traffic to specific destinations
+ # Add ports to the egress by specifying - port: <port number>
+ # E.X.
+ # - port: 80
+ # - port: 443
+ #
+ # -- networkPolicy.egress.to Allow egress traffic to specific destinations
to: []
- ## Add destinations to the egress by specifying - ipBlock: <CIDR>
- ## E.X.
- ## to:
- ## - namespaceSelector:
- ## matchExpressions:
- ## - {key: role, operator: In, values: [grafana]}
- ##
- ##
- ##
- ##
- ##
+ # -- destinations to the egress by specifying - ipBlock: <CIDR>
+ # E.X.
+ # to:
+ # - namespaceSelector:
+ # matchExpressions:
+ # - {key: role, operator: In, values: [grafana]}
# Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option
enableKubeBackwardCompatibility: false
@@ -1705,3 +1705,25 @@ extraObjects: []
# Alternatively, if you wish to allow secret values to be exposed in the rendered grafana.ini configmap,
# you can disable this check by setting assertNoLeakedSecrets to false.
assertNoLeakedSecrets: true
+
+# updateMode options are:
+# Off: n the Off update mode, the VPA recommender still analyzes resource usage and generates recommendations, but these recommendations are not automatically applied to Pods. The recommendations are only stored in the VPA object's .status field.
+# Initial: In Initial mode, VPA only sets resource requests when Pods are first created. It does not update resources for already running Pods, even if recommendations change over time. The recommendations apply only during Pod creation.
+# Recreate: In Recreate mode, VPA actively manages Pod resources by evicting Pods when their current resource requests differ significantly from recommendations. When a Pod is evicted, the workload controller (managing a Deployment, StatefulSet, etc) creates a replacement Pod, and the VPA admission controller applies the updated resource requests to the new Pod.
+# InPlaceOrRecreate: In Recreate mode, VPA actively manages Pod resources by evicting Pods when their current resource requests differ significantly from recommendations. When a Pod is evicted, the workload controller (managing a Deployment, StatefulSet, etc) creates a replacement Pod, and the VPA admission controller applies the updated resource requests to the new Pod.
+# Auto (deprecated): The Auto update mode is deprecated since VPA version 1.4.0. Use Recreate for eviction-based updates, or InPlaceOrRecreate for in-place updates with eviction fallback.
+verticalPodAutoscaler:
+ enabled: false
+ updateMode: "Off"
+ controlledResources:
+ cpu: true
+ memory: true
+
+ # Default safety bounds
+ minAllowed:
+ cpu: "25m"
+ memory: "128Mi"
+
+ maxAllowed:
+ cpu: "1000m"
+ memory: "1Gi" |
Contributor
Author
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
hervenicol
force-pushed
the
renovate/grafana-11.x
branch
from
d9ae1a6 to
d50a38c
Compare
hervenicol
approved these changes
Mar 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
10.5.15→11.2.2Release Notes
grafana-community/helm-charts (grafana)
v11.2.2Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
New Contributors
Full Changelog: grafana-community/helm-charts@grafana-11.2.1...grafana-11.2.2
v11.2.1Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
New Contributors
Full Changelog: grafana-community/helm-charts@grafana-mcp-0.7.3...grafana-11.2.1
v11.2.0Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
Full Changelog: grafana-community/helm-charts@tempo-distributed-2.4.2...grafana-11.2.0
v11.1.8Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
Full Changelog: grafana-community/helm-charts@tempo-distributed-2.3.1...grafana-11.1.8
v11.1.7Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
Full Changelog: grafana-community/helm-charts@grafana-11.1.6...grafana-11.1.7
v11.1.6Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
Full Changelog: grafana-community/helm-charts@tempo-vulture-0.12.4...grafana-11.1.6
v11.1.5Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
New Contributors
Full Changelog: grafana-community/helm-charts@tempo-vulture-0.12.3...grafana-11.1.5
v11.1.4Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
Full Changelog: grafana-community/helm-charts@grafana-11.1.3...grafana-11.1.4
v11.1.3Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
New Contributors
Full Changelog: grafana-community/helm-charts@grafana-11.1.2...grafana-11.1.3
v11.1.2Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
Full Changelog: grafana-community/helm-charts@grafana-mcp-0.6.0...grafana-11.1.2
v11.1.1Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
New Contributors
Full Changelog: grafana-community/helm-charts@grafana-11.1.0...grafana-11.1.1
v11.1.0Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
New Contributors
Full Changelog: grafana-community/helm-charts@synthetic-monitoring-agent-1.4.2...grafana-11.1.0
v11.0.1Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
New Contributors
Full Changelog: grafana-community/helm-charts@grafana-mcp-0.5.0...grafana-11.0.1
v11.0.0Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
New Contributors
Full Changelog: grafana-community/helm-charts@tempo-distributed-1.62.1...grafana-11.0.0
v10.7.0Compare Source
The leading tool for querying and visualizing time series and metrics.
What's Changed
New Contributors
Full Changelog: grafana-community/helm-charts@tempo-vulture-0.10.1...grafana-10.7.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.